In September 2015, we’ve blogged about a hacker group called Armada Collective that was blackmailing hosting providers in Switzerland (“DDoS for bitcoin”). A few days ago, MELANI / GovCERT.ch started to receive reports from financial institutions in Switzerland that received a blackmail from a group that pretends to be Armada Collective. MELANI / GovCERT.ch is aware that dozens of financial institutions in Switzerland are target of similar extortion attempts. We do not know if these extortion emails originate from the Armada Collective or not. It is possible that these originate from a copycat. However, the emails that have been sent out to financial institutions in Switzerland look very similar to what we have seen in September 2015 being sent to hosting providers in Switzerland.
Armada Collective is back, extorting Financial Intuitions in Switzerland